Deepfakes Fuel 90% Of Biometric Fraud In Africa

Smile ID, Africa’s leading identity verification company, has released its 2026 Digital Identity Fraud Report — “From Selfies to Signals: Identity Enters the Security Era.”.

The report finds that AI has rapidly reduced the cost, while increasing the scalability and quality of deepfake fraud. In addition, as identity becomes part of the fabric of many essential applications, fraudsters increasingly attack the online ID capture pipeline itself — manipulating devices, operating systems, and verification sessions to try and bypass verification technology.

In Southern Africa, nearly nine in ten rejected biometric verification attempts were linked to AI-assisted impersonation and spoofing. Specifically, impersonation (where the selfie doesn’t match the claimed identity) accounted for 47% of rejected verifications, while spoofing attempts (including deepfake and face-swap techniques designed to bypass liveness checks) made up 40%. This highlights a significant shift towards advanced biometric attacks, with document-based fraud accounting for just over one-tenth of cases.

How and where an identity is verified now matters as much as the image presented. In 2025, Smile ID saw more than 100,000 “injection-style” fraud attempts per month linked to emulators, virtual cameras, and manipulated environments — showing a shift from visual spoofing toward systematic interference with the ID verification process.

Authentication-related fraud attempts now exceed onboarding fraud by more than five times, confirming that identity risk has moved towards authentication. Attackers are no longer focused on breaking in; they are operating within verified accounts, targeting login flows, account recovery, device changes, and high-value transactions.

AI-enabled automations allow attackers to reuse verified biometrics, take over accounts mid-journey, and move funds across platforms at scale. This shift has transformed digital fraud from isolated cases of document manipulation into more sophisticated attacks by criminal networks abusing the structural vulnerabilities of mobile-first digital systems.

The findings are based on anonymised data from more than 200 million identity verification checks conducted in 2025 by Smile ID, spanning 37 industries in over 35 countries.

Africa’s digital economy is expanding faster than the security infrastructure that supports it. Over the past decade, the percentage of adults in Africa owning a financial account rose from 34% to nearly 60%, creating more than 200 million new accounts across the continent.

That expansion has unlocked extraordinary opportunity, but it has also created a structural vulnerability: identity verification systems remain largely designed for a one-time checkpoint model, while fraud has evolved into continuous, industrial-scale operations that exploit security gaps across the full customer lifecycle. In a single month in 2025, Smile ID traced more than 160,000 fraudulent verification attempts back to just 100 facial identities.

Some of these faces appeared over 12,000 times across multiple platforms. In another case, attackers used the same identity to attempt more than 1,000 account registrations within 30 minutes. These patterns are not isolated incidents. They represent coordinated fraud networks operating at scale—reusing stolen identities, automating attacks, and targeting the moments where value concentrates: login flows, password resets, device changes, and high-value withdrawals.

As shared infrastructure, Smile ID identifies systemic fraud patterns that transcend individual institutions. As it identifies risk and fraud signals, its machines and analysts add signals to its dynamic defense network, creating a network defence that protects all of its clients. By leveraging a combination of traditional algorithms, controlled capture methods, and internally tuned LLMs, Smile ID’s privacy-preserving metadata surfaced hundreds of thousands of examples of coordinated abuse that otherwise may appear legitimate in isolation.

Key findings from the 2026 Digital Identity Fraud Report also include:

• Authentication fraud attempts are now 5x more common than at onboarding

• Nearly 90% of fraud blocked by Smile ID in 2025 was triggered by mobile SDK signals — up from 68% in 2024

• Duplicate attempts — those re-using stolen or fraudulent identity data — more than doubled year over year, and nearly tripled the combined prior 2023 & 2024 total.

• Deepfake-driven fraud is rising, with AI-generated biometric attacks appearing across multiple markets and industries, enabled by radically affordable tooling

• Injection attacks — which bypass the camera entirely using synthetic or pre-recorded media — have been elevated to a central threat category in 2026